Lucene search
K

2809 matches found

Snyk
Snyk
added 2026/05/14 7:4 p.m.9 views

Cross-site Scripting (XSS)

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fides.js script's override mechanism for the banner description field when HTML-formatted descriptions are enabled. An attacker can...

8.7CVSS5.9AI score0.00297EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 7:4 p.m.14 views

ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

7CVSS6AI score0.00297EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41198

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description A Stored Cross-Site Scripting XSS issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...

8.1CVSS5.8AI score0.00322EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 9:16 p.m.37 views

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS0.00465EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 9:16 p.m.7 views

DEBIAN-CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:37 p.m.8 views

CVE-2026-44240 basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:37 p.m.6 views

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 8:37 p.m.59 views

CVE-2026-44240 basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS0.00465EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 8:37 p.m.27 views

CVE-2026-44240

CVE-2026-44240 affects the Node.js FTP client basic-ftp . Before version 5.3.1, the client is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious FTP server can send an unterminated multiline response during the initial banner phase, causi...

7.5CVSS5.9AI score0.00465EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/12 8:37 p.m.9 views

CVE-2026-44240

basic-ftp is an FTP client for Node.js. Prior to 5.3.1, basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before...

7.5CVSS5.9AI score0.00465EPSS
Exploits0
OSV
OSV
added 2026/05/06 7:37 p.m.6 views

GHSA-RPMF-866Q-6P89 basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

Summary basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending...

7.5CVSS6AI score0.00465EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 7:37 p.m.8 views

basic-ftp allows a malicious FTP server to cause client-side denial of service via unbounded multiline control response buffering

Summary basic-ftp is vulnerable to client-side denial of service when parsing FTP control-channel multiline responses. A malicious or compromised FTP server can send an unterminated multiline response during the initial FTP banner phase, before authentication. The client keeps appending...

7.5CVSS6AI score0.00465EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/06 3:32 p.m.6 views

EUVD-2026-27826

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS6.2AI score0.00202EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 2:16 p.m.12 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 1:51 p.m.9 views

CVE-2025-31975 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified.

HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

2.6CVSS5.8AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 1:51 p.m.6 views

CVE-2025-31975

HCL BigFix Service Management SM is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially aiding attackers in targeting known vulnerabilities...

2.6CVSS5.8AI score0.00172EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 12:0 a.m.17 views

CVE-2026-36358

CVE-2026-36358 is a Cross Site Scripting vulnerability in Juzaweb CMS v5.0.0. The issue allows a remote attacker to execute arbitrary code via a crafted script submitted to the Add Banner Ads function. Connected documents confirm the same description across NVD, CVE List, and related feeds; no ex...

5.4CVSS6.2AI score0.00202EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.9 views

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management SM has a vulnerability related to information leakage. This vulnerability stems from the exposure of server banner information, allowing the...

5.3CVSS5.8AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 12:0 a.m.8 views

CVE-2026-36358

Cross Site Scripting vulnerability in Juzaweb CMS v.5.0.0 allows a remote attacker via execute arbitrary code via a crafted script to the Add Banner Ads function...

5.4CVSS6.2AI score0.00202EPSS
Exploits0References4
Rows per page
Query Builder